summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/auth2-chall.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@cvs.openbsd.org>2005-01-19 13:11:48 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2005-01-19 13:11:48 +0000
commit33b3db42e399e40816dc09c27ca2c1135e03864f (patch)
tree463a79cae95e31e53edc2fe9950501e9e3032699 /usr.bin/ssh/auth2-chall.c
parent426022726f7517d9f29850bd17ef2022337c86ab (diff)
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to handle them and prevent leaking information where possible. Existing behaviour for bsdauth is maintained by checking authctxt->valid in the bsdauth driver. Note that any third-party kbdint drivers will now need to be able to handle responses for invalid logins. ok markus@
Diffstat (limited to 'usr.bin/ssh/auth2-chall.c')
-rw-r--r--usr.bin/ssh/auth2-chall.c11
1 files changed, 3 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c
index 5901ed81ec9..2dfc139f768 100644
--- a/usr.bin/ssh/auth2-chall.c
+++ b/usr.bin/ssh/auth2-chall.c
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
#include "ssh2.h"
#include "auth.h"
@@ -268,12 +268,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
}
packet_check_eom();
- if (authctxt->valid) {
- res = kbdintctxt->device->respond(kbdintctxt->ctxt,
- nresp, response);
- } else {
- res = -1;
- }
+ res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
for (i = 0; i < nresp; i++) {
memset(response[i], 'r', strlen(response[i]));
@@ -285,7 +280,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
switch (res) {
case 0:
/* Success! */
- authenticated = 1;
+ authenticated = authctxt->valid ? 1 : 0;
break;
case 1:
/* Authentication needs further interaction */